Hello community,
here is the log from the commit of package NetworkManager-applet for
openSUSE:Factory checked in at 2017-05-31 12:14:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/NetworkManager-applet (Old)
and /work/SRC/openSUSE:Factory/.NetworkManager-applet.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "NetworkManager-applet"
Wed May 31 12:14:14 2017 rev:6 rq:498560 version:1.4.6
Changes:
--------
---
/work/SRC/openSUSE:Factory/NetworkManager-applet/NetworkManager-applet.changes
2017-03-22 23:01:35.453665539 +0100
+++
/work/SRC/openSUSE:Factory/.NetworkManager-applet.new/NetworkManager-applet.changes
2017-05-31 12:14:16.658683348 +0200
@@ -1,0 +2,6 @@
+Fri Apr 21 12:41:38 UTC 2017 - [email protected]
+
+- Rebase nm-applet-migration-tool.patch.
+- Rebase nm-applet-dialog-check-permissions.patch.
+
+-------------------------------------------------------------------
@@ -54,0 +61 @@
+- Drop nm-applet-support-ttls-mschapv2.patch: fixed upstream.
@@ -126,0 +134,2 @@
+- Drop nm-applet-fix-export-button-not-sensible.patch: fixed
+ upstream.
@@ -187,0 +197,6 @@
+Wed Sep 7 11:12:31 UTC 2016 - [email protected]
+
+- Add NetworkManager-gnome-bsc1003069-default-agent-owned-secrets.patch
+ (bsc#1003069).
+
+-------------------------------------------------------------------
@@ -193,0 +209,13 @@
+- Add nm-applet-migration-tool.patch: Build and autostart migration
+ tool to migrate old VPN settings (bsc#952123, bsc#1001137,
+ bsc#1000648).
+- Add nm-applet-fix-export-button-not-sensible.patch: Pick upstream
+ commit 324f17354146242307687c75908cba0362606c8c to fix
+ sensitivity of "Export" button for VPN (bsc#991607).
+- Add nm-applet-dialog-check-permissions.patch: Check permissions
+ before showing 802.1x wifi new-connection dialog, upstream commit
+ 38303e04 (bsc#1028792, CVE-2017-6590).
+- Add nm-applet-support-ttls-mschapv2.patch: Add support for plain
+ MSCHAPV2 as inner authentication method when using TTLS as outer
+ authentication method (bsc#1009019, bgo#768489).
+
New:
----
NetworkManager-gnome-bsc1003069-default-agent-owned-secrets.patch
nm-applet-dialog-check-permissions.patch
nm-applet-migration-tool.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ NetworkManager-applet.spec ++++++
--- /var/tmp/diff_new_pack.QsX2D9/_old 2017-05-31 12:14:17.290594149 +0200
+++ /var/tmp/diff_new_pack.QsX2D9/_new 2017-05-31 12:14:17.294593584 +0200
@@ -37,6 +37,12 @@
Patch0: nm-applet-private-connection.patch
# PATCH-NEEDS-REBASE nm-applet-probe-radius-server-cert.patch bsc#574266
[email protected] -- Probe the RADIUS server certificate. (WAS: PATCH-FIX-UPSTREAM)
Patch1: nm-applet-probe-radius-server-cert.patch
+# PATCH-FEATURE-SLE nm-applet-migration-tool.patch bsc#952123 [email protected]
-- Build migration tool on SLE to migrate old VPN configurations
+Patch2: nm-applet-migration-tool.patch
+# PATCH-FIX-UPSTREAM nm-applet-dialog-check-permissions.patch bsc#1028792
CVE-2017-6590 [email protected] -- Check permissions before showing 802.1x wifi
new-connection dialog
+Patch3: nm-applet-dialog-check-permissions.patch
+# PATCH-FIX-OPENSUSE
NetworkManager-gnome-bsc1003069-default-agent-owned-secrets.patch bsc#1003069
[email protected] -- Make sure secrets default to agent-owned (encrypted keyring).
+Patch4:
NetworkManager-gnome-bsc1003069-default-agent-owned-secrets.patch
# Needed for patch0 - disabled since patch0 is disabled.
#BuildRequires: gnome-common
BuildRequires: intltool
@@ -171,7 +177,10 @@
%endif
%if !0%{?is_opensuse}
translation-update-upstream
+%patch2 -p1
%endif
+%patch3 -p1
+%patch4 -p1
%build
# Patch0 is disabled.
++++++ NetworkManager-gnome-bsc1003069-default-agent-owned-secrets.patch ++++++
diff --git a/src/libnm-gtk/nm-ui-utils.c b/src/libnm-gtk/nm-ui-utils.c
index df2301d..edd1ff4 100644
--- a/src/libnm-gtk/nm-ui-utils.c
+++ b/src/libnm-gtk/nm-ui-utils.c
@@ -864,8 +864,10 @@ nma_utils_setup_password_storage (GtkWidget *passwd_entry,
gtk_menu_attach_to_widget (GTK_MENU (popup_menu), passwd_entry, NULL);
/* Initialize active item for password-storage popup menu */
- if (setting && password_flags_name)
- nm_setting_get_secret_flags (setting, password_flags_name,
&secret_flags, NULL);
+ if (setting && password_flags_name) {
+ if (!nm_setting_get_secret_flags (setting, password_flags_name,
&secret_flags, NULL))
+ secret_flags = initial_flags;
+ }
else
secret_flags = initial_flags;
diff --git a/src/wireless-security/eap-method-leap.c
b/src/wireless-security/eap-method-leap.c
index 565c68a..e52b23f 100644
--- a/src/wireless-security/eap-method-leap.c
+++ b/src/wireless-security/eap-method-leap.c
@@ -238,7 +238,7 @@ eap_method_leap_new (WirelessSecurity *ws_parent,
/* Create password-storage popup menu for password entry under entry's
secondary icon */
if (connection)
s_8021x = nm_connection_get_setting_802_1x (connection);
- nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x,
parent->password_flags_name,
+ nma_utils_setup_password_storage (widget,
NM_SETTING_SECRET_FLAG_AGENT_OWNED, (NMSetting *) s_8021x,
parent->password_flags_name,
FALSE, secrets_only);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"show_checkbutton_eapleap"));
diff --git a/src/wireless-security/eap-method-simple.c
b/src/wireless-security/eap-method-simple.c
index bffe179..a2156fa 100644
--- a/src/wireless-security/eap-method-simple.c
+++ b/src/wireless-security/eap-method-simple.c
@@ -343,7 +343,7 @@ eap_method_simple_new (WirelessSecurity *ws_parent,
/* Create password-storage popup menu for password entry under entry's
secondary icon */
if (connection)
s_8021x = nm_connection_get_setting_802_1x (connection);
- nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x,
parent->password_flags_name,
+ nma_utils_setup_password_storage (widget,
NM_SETTING_SECRET_FLAG_AGENT_OWNED, (NMSetting *) s_8021x,
parent->password_flags_name,
FALSE, flags &
EAP_METHOD_SIMPLE_FLAG_SECRETS_ONLY);
g_signal_connect (method->password_entry, "notify::secondary-icon-name",
diff --git a/src/wireless-security/eap-method-tls.c
b/src/wireless-security/eap-method-tls.c
index 815e6a8..3e64570 100644
--- a/src/wireless-security/eap-method-tls.c
+++ b/src/wireless-security/eap-method-tls.c
@@ -584,7 +584,7 @@ eap_method_tls_new (WirelessSecurity *ws_parent,
ws_parent);
/* Create password-storage popup menu for password entry under entry's
secondary icon */
- nma_utils_setup_password_storage (widget, 0, (NMSetting *) s_8021x,
parent->password_flags_name,
+ nma_utils_setup_password_storage (widget,
NM_SETTING_SECRET_FLAG_AGENT_OWNED, (NMSetting *) s_8021x,
parent->password_flags_name,
FALSE, secrets_only);
widget = GTK_WIDGET (gtk_builder_get_object (parent->builder,
"show_checkbutton_eaptls"));
diff --git a/src/wireless-security/wireless-security.c
b/src/wireless-security/wireless-security.c
index 17eaab5..ffbb931 100644
--- a/src/wireless-security/wireless-security.c
+++ b/src/wireless-security/wireless-security.c
@@ -551,8 +551,10 @@ ws_802_1x_fill_connection (WirelessSecurity *sec,
/* Get previous pasword flags, if any. Otherwise default to agent-owned
secrets */
s_8021x = nm_connection_get_setting_802_1x (connection);
- if (s_8021x)
- nm_setting_get_secret_flags (NM_SETTING (s_8021x),
eap->password_flags_name, &secret_flags, NULL);
+ if (s_8021x) {
+ if (!nm_setting_get_secret_flags (NM_SETTING (s_8021x),
eap->password_flags_name, &secret_flags, NULL))
+ secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
+ }
else
secret_flags = NM_SETTING_SECRET_FLAG_AGENT_OWNED;
diff --git a/src/wireless-security/ws-leap.c b/src/wireless-security/ws-leap.c
index 0ca97b2..9cee65d 100644
--- a/src/wireless-security/ws-leap.c
+++ b/src/wireless-security/ws-leap.c
@@ -179,7 +179,7 @@ ws_leap_new (NMConnection *connection, gboolean
secrets_only)
sec);
/* Create password-storage popup menu for password entry under entry's
secondary icon */
- nma_utils_setup_password_storage (widget, 0, (NMSetting *) wsec,
sec->password_flags_name,
+ nma_utils_setup_password_storage (widget,
NM_SETTING_SECRET_FLAG_AGENT_OWNED, (NMSetting *) wsec,
sec->password_flags_name,
FALSE, secrets_only);
if (wsec)
diff --git a/src/wireless-security/ws-wep-key.c
b/src/wireless-security/ws-wep-key.c
index 0309042..e47c6dd 100644
--- a/src/wireless-security/ws-wep-key.c
+++ b/src/wireless-security/ws-wep-key.c
@@ -278,7 +278,7 @@ ws_wep_key_new (NMConnection *connection,
/* Create password-storage popup menu for password entry under entry's
secondary icon */
if (connection)
setting = (NMSetting *)
nm_connection_get_setting_wireless_security (connection);
- nma_utils_setup_password_storage (widget, 0, setting,
sec->password_flags_name,
+ nma_utils_setup_password_storage (widget,
NM_SETTING_SECRET_FLAG_AGENT_OWNED, setting, sec->password_flags_name,
FALSE, secrets_only);
if (connection) {
diff --git a/src/wireless-security/ws-wpa-psk.c
b/src/wireless-security/ws-wpa-psk.c
index 1495707..edd21d7 100644
--- a/src/wireless-security/ws-wpa-psk.c
+++ b/src/wireless-security/ws-wpa-psk.c
@@ -201,7 +201,7 @@ ws_wpa_psk_new (NMConnection *connection, gboolean
secrets_only)
/* Create password-storage popup menu for password entry under entry's
secondary icon */
if (connection)
setting = (NMSetting *)
nm_connection_get_setting_wireless_security (connection);
- nma_utils_setup_password_storage (widget, 0, setting,
sec->password_flags_name,
+ nma_utils_setup_password_storage (widget,
NM_SETTING_SECRET_FLAG_AGENT_OWNED, setting, sec->password_flags_name,
FALSE, secrets_only);
/* Fill secrets, if any */
++++++ nm-applet-dialog-check-permissions.patch ++++++
diff --git a/src/applet-device-wifi.c b/src/applet-device-wifi.c
index 7b8fa6e..cd44e05 100644
--- a/src/applet-device-wifi.c
+++ b/src/applet-device-wifi.c
@@ -40,12 +40,6 @@ static void wifi_dialog_response_cb (GtkDialog *dialog, gint
response, gpointer
static NMAccessPoint *update_active_ap (NMDevice *device, NMDeviceState state,
NMApplet *applet);
-static void _do_new_auto_connection (NMApplet *applet,
- NMDevice *device,
- NMAccessPoint *ap,
- AppletNewAutoConnectionCallback callback,
- gpointer callback_data);
-
/*****************************************************************************/
typedef struct {
@@ -292,74 +286,6 @@ nma_menu_add_create_network_item (GtkWidget *menu,
NMApplet *applet)
gtk_widget_set_sensitive (GTK_WIDGET (menu_item), FALSE);
}
-static void
-dbus_8021x_add_and_activate_cb (GObject *client,
- GAsyncResult *result,
- gpointer user_data)
-{
- GError *error = NULL;
- NMActiveConnection *active;
-
- active = nm_client_add_and_activate_connection_finish (NM_CLIENT
(client), result, &error);
- if (error)
- g_warning ("Failed to add/activate connection: (%d) %s",
error->code, error->message);
-
- g_clear_object (&active);
- g_clear_error (&error);
-}
-
-typedef struct {
- NMApplet *applet;
- NMDevice *device;
- NMAccessPoint *ap;
-} Dbus8021xInfo;
-
-static void
-dbus_connect_8021x_cb (NMConnection *connection,
- gboolean auto_created,
- gboolean canceled,
- gpointer user_data)
-{
- Dbus8021xInfo *info = user_data;
-
- if (canceled == FALSE) {
- g_return_if_fail (connection != NULL);
-
- /* Ask NM to add the new connection and activate it; NM will
fill in the
- * missing details based on the specific object and the device.
- */
- nm_client_add_and_activate_connection_async
(info->applet->nm_client,
- connection,
- info->device,
- nm_object_get_path
(NM_OBJECT (info->ap)),
- NULL,
-
dbus_8021x_add_and_activate_cb,
- info->applet);
- }
-
- g_object_unref (info->device);
- g_object_unref (info->ap);
- memset (info, 0, sizeof (*info));
- g_free (info);
-}
-
-gboolean
-applet_wifi_connect_to_8021x_network (NMApplet *applet,
- NMDevice *device,
- NMAccessPoint *ap)
-{
- Dbus8021xInfo *info;
-
- info = g_malloc0 (sizeof (*info));
- info->applet = applet;
- info->device = g_object_ref (device);
- info->ap = g_object_ref (ap);
-
- _do_new_auto_connection (applet, device, ap, dbus_connect_8021x_cb,
info);
- return TRUE;
-}
-
-
typedef struct {
NMApplet *applet;
NMDeviceWifi *device;
@@ -514,17 +440,28 @@ done:
gtk_widget_destroy (GTK_WIDGET (dialog));
}
-static void
-_do_new_auto_connection (NMApplet *applet,
- NMDevice *device,
- NMAccessPoint *ap,
- AppletNewAutoConnectionCallback callback,
- gpointer callback_data)
+static gboolean
+can_get_permission (NMApplet *applet, NMClientPermission perm)
{
- NMConnection *connection = NULL;
- NMSettingConnection *s_con = NULL;
+ if ( applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_YES
+ || applet->permissions[perm] == NM_CLIENT_PERMISSION_RESULT_AUTH)
+ return TRUE;
+ return FALSE;
+}
+
+static gboolean
+wifi_new_auto_connection (NMDevice *device,
+ gpointer dclass_data,
+ AppletNewAutoConnectionCallback callback,
+ gpointer callback_data)
+{
+ WifiMenuItemInfo *info = (WifiMenuItemInfo *) dclass_data;
+ NMApplet *applet;
+ NMAccessPoint *ap;
+ NMConnection *connection;
+ NMSettingConnection *s_con;
NMSettingWireless *s_wifi = NULL;
- NMSettingWirelessSecurity *s_wsec = NULL;
+ NMSettingWirelessSecurity *s_wsec;
NMSetting8021x *s_8021x = NULL;
GBytes *ssid;
NM80211ApSecurityFlags wpa_flags, rsn_flags;
@@ -532,9 +469,13 @@ _do_new_auto_connection (NMApplet *applet,
MoreInfo *more_info;
char *uuid;
- g_assert (applet);
- g_assert (device);
- g_assert (ap);
+ g_return_val_if_fail (dclass_data, FALSE);
+ g_return_val_if_fail (NM_IS_DEVICE (device), FALSE);
+ g_return_val_if_fail (NM_IS_ACCESS_POINT (info->ap), FALSE);
+ g_return_val_if_fail (NM_IS_APPLET (info->applet), FALSE);
+
+ applet = info->applet;
+ ap = info->ap;
connection = nm_simple_connection_new ();
@@ -590,6 +531,15 @@ _do_new_auto_connection (NMApplet *applet,
* Dialog Of Doom.
*/
if (s_8021x) {
+ if (!can_get_permission (applet,
NM_CLIENT_PERMISSION_SETTINGS_MODIFY_SYSTEM) &&
+ !can_get_permission (applet,
NM_CLIENT_PERMISSION_SETTINGS_MODIFY_OWN)) {
+ const char *text = _("Failed to add new connection");
+ const char *err_text = _("Insufficient privileges.");
+ g_warning ("%s: %s", text, err_text);
+ utils_show_error_dialog (_("Connection failure"), text,
err_text, FALSE, NULL);
+ g_clear_object (&connection);
+ return FALSE;
+ }
more_info = g_malloc0 (sizeof (*more_info));
more_info->applet = applet;
more_info->callback = callback;
@@ -606,24 +556,10 @@ _do_new_auto_connection (NMApplet *applet,
/* Everything else can just get activated right away */
callback (connection, TRUE, FALSE, callback_data);
}
-}
-static gboolean
-wifi_new_auto_connection (NMDevice *device,
- gpointer dclass_data,
- AppletNewAutoConnectionCallback callback,
- gpointer callback_data)
-{
- WifiMenuItemInfo *info = (WifiMenuItemInfo *) dclass_data;
-
- g_return_val_if_fail (device != NULL, FALSE);
- g_return_val_if_fail (info->ap != NULL, FALSE);
-
- _do_new_auto_connection (info->applet, device, info->ap, callback,
callback_data);
return TRUE;
}
-
static void
wifi_menu_item_activate (GtkMenuItem *item, gpointer user_data)
{
diff --git a/src/applet.h b/src/applet.h
index 41e95a1..b28dfa2 100644
--- a/src/applet.h
+++ b/src/applet.h
@@ -285,9 +285,6 @@ GdkPixbuf * nma_icon_check_and_load (const char *name,
NMApplet *applet);
gboolean applet_wifi_connect_to_hidden_network (NMApplet *applet);
-gboolean applet_wifi_connect_to_8021x_network (NMApplet *applet,
- NMDevice *device,
- NMAccessPoint *ap);
gboolean applet_wifi_create_wifi_network (NMApplet *applet);
gboolean applet_wifi_can_create_wifi_network (NMApplet *applet);
++++++ nm-applet-migration-tool.patch ++++++
diff --git a/Makefile.am b/Makefile.am
index a57e15f..e33e2b3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -871,11 +871,13 @@ EXTRA_DIST += \
autogen.sh
autostartdir = $(sysconfdir)/xdg/autostart
-autostart_in_files = nm-applet.desktop.in
+autostart_in_files = nm-applet.desktop.in \
+ nm-applet-migration-tool.desktop.in
autostart_DATA = $(autostart_in_files:.desktop.in=.desktop)
applicationsdir = $(datadir)/applications
-applications_DATA = $(autostart_DATA)
+applications_in_files = nm-applet.desktop.in
+applications_DATA = $(applications_in_files:.desktop.in=.desktop)
desktopdir = $(datadir)/applications
desktop_in_files = nm-connection-editor.desktop.in
diff --git a/nm-applet-migration-tool.desktop.in
b/nm-applet-migration-tool.desktop.in
new file mode 100644
index 0000000..95a2596
--- /dev/null
+++ b/nm-applet-migration-tool.desktop.in
@@ -0,0 +1,7 @@
+[Desktop Entry]
+_Name=VPN Migration Tool
+_Comment=Tool to migration VPN configurations
+Type=Application
+Exec=@LIBEXECDIR@/nm-applet-migration-tool
+OnlyShowIn=GNOME;
+NoDisplay=true
diff --git a/src/migration-tool.c b/src/migration-tool.c
new file mode 100644
index 0000000..0d39fde
--- /dev/null
+++ b/src/migration-tool.c
@@ -0,0 +1,117 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: t; c-basic-offset: 4 -*- */
+/* NetworkManager applet migration tool -- migrate old GConf settings
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright 2005-2012 Red Hat, Inc.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <libintl.h>
+#include <stdlib.h>
+
+#include <nm-remote-connection.h>
+#include <nm-remote-settings.h>
+
+#include "gconf-helpers.h"
+
+gboolean success = TRUE;
+gint connection_count = 0;
+gint add_cb_count = 0;
+GMainLoop *loop = NULL;
+
+static void
+add_cb (NMRemoteSettings *settings,
+ NMRemoteConnection *connection,
+ GError *error,
+ gpointer user_data)
+{
+ NMConnection *c = user_data;
+
+ if (error) {
+ g_printerr ("Failed to move connection '%s' to NetworkManager
system settings: %s",
+ nm_connection_get_id (c),
+ error->message);
+ success = FALSE;
+ }
+
+ add_cb_count++;
+ if (add_cb_count == connection_count) {
+ g_main_loop_quit (loop);
+ }
+
+ g_object_unref (c);
+}
+
+static void
+import_cb (NMConnection *connection, gpointer user_data)
+{
+ NMRemoteSettings *settings = user_data;
+
+ if (!nm_remote_settings_add_connection (settings, connection, add_cb,
g_object_ref (connection))) {
+ g_warning ("Failed to move connection '%s' to NetworkManager
system settings.",
+ nm_connection_get_id (connection));
+ g_object_unref (connection);
+ success = FALSE;
+ }
+
+ connection_count++;
+}
+
+int
+main (int argc, char **argv)
+{
+ DBusGConnection *bus;
+ NMRemoteSettings *settings;
+ GError *error = NULL;
+
+ bindtextdomain (GETTEXT_PACKAGE, NMALOCALEDIR);
+ bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
+ textdomain (GETTEXT_PACKAGE);
+
+ g_type_init ();
+
+ if (argc != 1) {
+ g_printerr ("Usage: %s\n", argv[0]);
+ exit (1);
+ }
+
+ bus = dbus_g_bus_get (DBUS_BUS_SYSTEM, &error);
+ if (!bus) {
+ g_printerr ("Could not get system bus: %s\n", error->message);
+ g_error_free (error);
+ exit (1);
+ }
+
+ settings = nm_remote_settings_new (bus);
+ nm_gconf_move_connections_to_system (import_cb, settings);
+
+ loop = g_main_loop_new (NULL, FALSE);
+
+ if (connection_count != 0)
+ {
+ g_main_loop_run (loop);
+ }
+
+ g_main_loop_unref (loop);
+ g_object_unref (settings);
+ dbus_g_connection_unref (bus);
+
+ return success ? 0 : 1;
+}
+
